
DAVID W. WHIPPLE

davewhipple52@gmail.com 785-294-6649 www.linkedin.com/pub/davidwwhipple

CHIEF SECURITY/RISK OFFICER


Highly innovative, accomplished, and progress-driven executive with extensive experience championing operational security programs within the military, government, and private sectors. Broad background driving design and implementation of advanced IT systems for global corporations within various industries. Demonstrated expertise conducting thorough assessments/analyses, identifying and mitigating vulnerabilities, and devising strategic plans for continued infrastructure protection. Talent for clearly communicating critical data to senior leadership and building teams of dedicated personnel. Basic language skills in Spanish, Arabic, and German.

Strengths include: System Architecture; Information Assurance (IA); Business/Technology Integration; Gap Analysis; Regulatory Compliance; Assessment & Authorization (A&A); Policy & Procedure Design; Vulnerability Scans; Enterprise Risk Management (ERM); Client Relations & Education; Budget Administration; Disaster Recovery

PROFESSIONAL CREDENTIALS
Top Secret Security Clearance/SCI; Certified Chief Information Security Officer (C|CISO), EC-Council; Certified Information Systems Security Professional (CISSP), (ISC)²; Microsoft Certified Systems Administrator + Security (MCSA+S); National Security Agency (NSA) INFOSEC Assessment Methodology (IAM)/INFOSEC Evaluation Methodology (IEM); CompTIA Security+ & Network+; Information Technology Infrastructure Library (ITIL) ver 3; Memberships: (ISC)² and PMI

PROFESSIONAL EXPERIENCE & ACHIEVEMENTS


General Dynamics Information Technology (GDIT), Fairfax, VA Chief Technology Officer Security (CTO-S), Director of Security Group (Civilian) 2009 to 2013

Presided over group supporting $160M in annual contracts for top 5 provider of IT solutions for the US federal government. Supervised 9 leadership staff with indirect responsibility for 300 project management personnel across 3 divisions: Security Operations Centers (SOCs), IA and Compliance, and Security Architecture. Worked closely with government Senior Executive Service (SES) managers in the development of ERM balance scorecards, IT Security Governance, and executive dashboards for key security metrics. Partnered with organization management and administration, Privacy Oversight Committee, and legal counsel to design, implement, and update privacy policies/procedures. Confirmed ongoing compliance with all contractual security requirements and applicable government regulations. Continually monitored security metrics of logical/physical systems for controlling building and system access. Architected remediation controls to neutralize system vulnerabilities. Conducted reviews and oversaw enterprise security training for users and IT administrators. Interviewed potential senior IT and security team candidates. Completed annual efficiency evaluations, reviewed subordinate manager assessments, and recommended staff for promotions as appropriate.

Created unified security group from 4 separate corporate acquisitions, successfully inspiring collaboration, instilling focus on innovation and efficiency, and establishing sense of community among 300+ security professionals. Spearheaded project to construct GDIT's first corporate cloud solution and secure FEDRAMP authorization with budget of just under $5M; led engineering team in architecting, building, and obtaining customers within one year and saving $5M+ in first year of operation. Personally directed small security team charged with implementing US government's first cloud solution consisting of 4 data centers, 2 SOCs/NOCs, and 3 call centers located nationwide; completed project within 53 days from date of award, ensuring adherence to NIST requirements for all locations.


Appointed to rescue struggling program that had lost $2M+ due to lack of proper security controls; recruited 5 security engineers and led 30-day nonstop effort to eliminate security issues, tighten systems, and receive authorization to operate from US federal government. In response to 9/11, hand-selected to design and construct operations center in the Pentagon that would combine all building operations systems into one control center; completed assignment 6 months ahead of schedule and $2.8M under budget.

Science Applications International Corporation (SAIC), Fort Leavenworth, KS Principal Cyberwarfare SME (Contract) 2009

Enlisted by Senior General Officer to support development of US Army's Concept of Operations Manual for cyberwarfare. Managed team of 3 SMEs on cyberwarfare in Republic of China, Eastern Europe, and Middle East as well as research analysts and technical engineers. Orchestrated writing of materials from US Military Services and NSA addressing cyber effects for offensive and defensive operations. Coordinated Defense Advanced Research Projects Agency (DARPA) and government research facility efforts in design of advanced attack and exploitation software for military offensive operations.

Assembled team of professionals from throughout the US including government personnel, academics, and private industry experts to address Advanced Persistent Threats (APTs) against critical infrastructures (electric grid, oil and gas, and utilities); held quarterly classified meetings to author doctrine of Attack, Exploitation, and Defend. Led group of computer and language experts to research Middle East and Asia cyberwarfare, evaluating common approaches on how a computer information system introduced a weakness and how the weakness is exploited laterally organization-wide; documented aggressive procedures and highlighted possible infrastructure defenses.

Burns & McDonnell, Kansas City, MO Director of Security/Senior Security Project Manager 2007 to 2009

Filled much-needed and newly created leadership position to unite security personnel throughout the company and increase collaboration. Directly supervised Chief of Critical Infrastructure Security, Chief of Anti-Terrorism Protection, and Chief of Security Design and Architecture; managed project matrix team of 60 personnel.

Served as security integration Project Manager for design/build of LEED Platinum certified campus Education City in Doha, Qatar with 5 extensions (Cornell, Texas A&M, Carnegie Mellon, Virginia Commonwealth, and Georgetown Universities); led development of biometric access control, utility, and security systems, RFID system for tracking/authenticating students and minimizing their energy usage, and operations command center with video cube wall, integrated video analytics, and master control stations. Spearheaded critical infrastructure protection assessment for 4 major regional oil producing and electricity generating facilities, ensuring adherence to NERC CIP 002-009 regulations. As Sr. Security Architect/Project Manager for NISPOM implementation at new DoE facility, directed 40 team members responsible for evaluating critical infrastructure sites and maintaining certification and accreditation via NISPOM and NIST documentation as well as DoE compliance; made recommendations for mitigating vulnerabilities as Senior INFOSEC Consultant. Chosen to support design and prototype development of next generation operations center for the Pentagon in response to 9/11: Directed security infrastructure team of 24 engineers in the convergence of all electrical controls for building management system into one center. Conducted vulnerability scans using DoD Gold Disk, Lumension, and Nessus, recommended controls to Undersecretary of Defense and DAA, implemented new demilitarized zones and virtual private networks, and prepared all documents for DIACAP certification and accreditation. Consolidated all utilities, elevators, environmental controls, CCTVs, and building access controls into large 4x8 cube wall depicting 3D picture of the Pentagon, providing emergency services, fire, police, and command and control with complete system visibility.

Filled role as Sr. Security Architect for amalgamation of IT operations of Dulles and Reagan National Airports into one system that could be managed from a single location, enabling security forces to communicate in real time and rapidly address critical intelligence threats.

Midwest Systems Integrators (MSI), Overland Park, KS Principal Security Architect 2005 to 2007

Provided expert consultation to external customers on security and security-related integration projects including C-level leadership within medium and large commercial and government organizations. Completed risk assessments and gap analyses on clients architecting solutions to identify/mitigate vulnerabilities. Conducted network, security, compliance, and risk management assessments for corporate infrastructure and mentored organizations to implement improved processes and technologies. Referenced ISO 27001/27002, ITIL, and COBIT as benchmarking tools to support clients in operating within industry best practices.

Aided Wells Fargo with integrating ISO 27001 into their operations and certifying all international offices and partners, traveling worldwide to perform security assessments and ensure problems were resolved; effectively handled as many as 10 service contracts simultaneously and led team that completed 650+ total assessments. Served as Principal Security Consultant for DIACAP certification and accreditation for 3 National Guard state networks, executing vulnerability scans, providing brief to leadership with recommended controls, and assisting CIOs with building business cases for presentation to legislators for funding modern firewalls and vulnerability mitigation software. As Principal Project Manager/Security Consultant for major southwest nuclear energy consortium, architected physical and technical controls for 3 plant sites; performed assessments, presented final briefing to CEO and General Board, held weekly meetings with project managers responsible for implementing recommended changes, and generated monthly progress reports.

Summit Solutions, Fort Leavenworth, KS Network & Security Division Manager 2002 to 2005

Supervised team of network and security professionals including 10 technicians providing computer maintenance and LAN/WAN network support (CISCO switches and routers). Administered $2M annual budget and managed 15 customer networks encompassing remote administration of Windows 2000/2003 domains and PKI/VPN design/maintenance for extranet partners with 35+ Windows 2000/2003 and Unix servers and 1.5K+ workstations. Facilitated critical infrastructure protection assessment and analysis of mission-critical and real-time systems for corporate clients, identifying issues and executing remediation strategies.

Presided over DITSCAP certification and accreditation for 3 military organizations on Fort Leavenworth. Officiated penetration exercises for DoD, commercial, and financial organizations to assess enterprise security and designed/installed firewall and intrusion detection systems.

US Army, LTC, Various Locations CIO, Fort Leavenworth Network & Security Division Manager CIO, US Army Command & General Staff College 1998 to 2002

Evaluated, monitored, and configured network and security computer systems. Supervised Information Management division with 36 personnel, $2M+ annual budget, and $54M+ in assets. Oversaw entire US Army automation network encompassing network access controls, system security, programming applications, and network administration. Filled role as Technical Lead Administrator for 3 web servers, 250 UNIX, Novell, 10 Win NT 4.0 and Win 2000 file and print servers, and 3200 Windows 2000 Workstations. Controlled 43 CISCO 1900, 3400, and 5500/5509 switches. Partnered with Installation Director of Information Management to set up, sustain, and improve network architecture, configuration, management, and security. Created policies/procedures for computer use and safeguarding of college's automation resources.

Functioned as college's DITSCAP certification and accreditation Project Manager, utilizing NSA guide for secure platforms to build NT4 OS and completing required testing prior to deployment. Administered $20M+ budget for network design for new Lewis and Clark education facility; performed network's first DIACAP certification and reaccreditation in TRADOC and trained ISOs on procedures. Additional roles with US Army: Technology Advisor to Kingdom of Saudi Arabia, Army Automation & Security Officer; 20+ years of total service (retired), honors include Bronze Star and Distinguished Unit Citation presented by General Norman Schwarzkopf for leading 235 personnel in Desert Storm.


TEACHING EXPERIENCE
Webster University, St. Louis, MO Full Adjunct Professor 2000 to Present

University of Ulster, Intelligent Systems Research Centre, Northern Ireland Visiting Professor 2000 to Present

Teach various courses including Computer Information Security, Data Communications and Computer Networks (LAN and WAN emphasis), and Systems Analysis and Design Methods.

EDUCATION & RECENT TRAINING


Ph.D. in IA & Security Candidate (ABD), Capella University, Minneapolis, MN (Expected 2014): presently in dissertation phase; M.S. in Logistics, Florida Institute of Technology, Melbourne, FL: received honors for automation and operational research; B.S. in Law Enforcement, Weber State College, Ogden, UT

Recent training: Assessing and Exploiting Web Applications with Samurai WTF (2012); Pentesting and Social Engineering (2011); Pentesting Oracle from Web (2010); Pentesting with Backtrack (2010); Web 2.0 Hacking (2010); Incident Response and Network Forensics (2010)

PUBLICATIONS

Effective Security Metrics in a NIST Required IT System, September 2012; The Impact of Information Security Events on the Stock Value of Firms, September 2012; Effective Security Metrics in a NIST Required IT System, June 2012; SOX, Security Breaches and How They Impact Corporate Stock Prices, March 2012; Public Corporations: Optimal Position of the Chief Security Officer with the Company, March 2012; Public Corporations: Governance Changes when Implementing Sarbanes-Oxley, December 2011; Cloud Computing and Software as a Service for a Government Agency, December 2011; Using a Balanced Scorecard for Security, September 2011; The Right to Privacy: Differences between the US and the EU, a Case Study, September 2011; Requirements Analysis for Security Software Development, June 2011; Implementing Security into the Early Stages of SDLC Development, February 2011; Enterprise Security Risk Management, February 2011; Social Engineering: How does Training Counter the Threat, December 2010; Social Engineering: Precursor to Advanced Persistent Threat, December 2010; US Army Concept of Operations on Cyberwarfare (CONOPS), August 2009

PRESENTATIONS

Security Intelligence, Magee College, Londonderry, Northern Ireland, June 2013; Implementing Security in the Cloud and FEDRAMP Certification, September 2012; Social Engineering and Advanced Persistent Threat, BYU, March 2011; Advanced Persistent Threat, Magee College, Londonderry, Northern Ireland, May 2011; CISSP Advanced Concepts, Command and General Staff College, Fort Leavenworth, July 2009; CISSP Fundamentals, Kansas National Guard, July 2005
